Last week I was going to make a tweet, but when I logged into Twitter I saw a message that said my account had been suspended. Due to the nature of Twitter already being a spammer’s paradise and backed with the knowledge that I don’t spam my followers, I immediately knew that my account had been compromised.

While my account had been suspended and frozen, I could still see my most recent tweet. It was obviously not from me and the person (or bot, more likely) had linked to a spammy affiliate site with some get-rich-quick scheme.

I don’t know how many tweets were sent out from my account, but I think it was actually only the one. There could have been more and Twitter removed them, but I’m guessing it was just the one and then Twitter detected that URL as being a spam link and froze my account.

I contacted Twitter explaining to them the situation, thinking I only had a small chance of getting my account restored since I had contacted Twitter numerous times nearly a year ago trying to get the tylercruz name from an obvious squatter (http://twitter.com/tylercruz) to no luck.

However, to my surprise, Twitter did respond about 10 days or so after my initial query and confirmed that it looked like my account had been compromised and restored my account!

So, thanks Twitter! I’m usually pretty pessimistic when it comes to customer support from large social media sites due to the sheer amount of issues they need to deal with, so it was a bit of a surprise.

I’ve had a lot of bad luck with my accounts on social media sites. My YouTube account was banned about 2 years ago after a spammer got into it. That really sucked as all my videos were deleted and I didn’t have copies of a lot of them, and all of them were linked and embedded on my blog so I had to re-upload all the ones I did have saved on my computer.

YouTube never replied to any of my queries… which really sucked as it was obvious my account was compromised (I had rarely commented on videos before and only posted normal videos, then out of nowhere my account starts commenting on people’s videos with some insanely crazy spam). They could have compared my history, compared IPs, etc.

I will admit though that I almost deserved getting my YouTube account hacked. I had chosen an easy-to-guess password so I had it coming.

YouTube, Twitter, now Facebook!?

And then last night I received an e-mail notification from Facebook notifying me that I received a message from a high-school acquaintance who I never talk to. The message read:

Subject: Google Money

Message: Any Porn Involved 😛 … Just kiddin… you sent me a dead link…… but if I take til off the end of com… I get to hear kevin tell me about how he has a nice car now .. lol… What are you doing these days… probably got your own big computer company eh 😀

I stared at that for probably 5 minutes, scratching my head. It was really weird because it looked like he mistakenly sent me the message, but then there were too many associations to me.

For example, Kevin is the name of my accountant, and I had just e-mailed him the night before about how my affiliate marketing campaigns were going (he’s interested). So, I thought maybe Kevin knows my friend somehow and told my friend what I was up to… but then that didn’t explain why he said he gets to hear about how Kevin has a nice car…

After more thought, I realized that he was probably referring to one of those spammy get-rich-quick landing pages where a guy is on video in front of his mansion and cars explaining just how easy it is to make money. The title really helped me deduce that. But it was still a very confusing message.

When I went to the Wall of my friend, I saw that I had apparently left a message there. A very bad spammy one telling him to go to a link to show how I make $50 a day using some method.

Sigh.

That really bugged me because I don’t want people thinking I’m whoring myself on their Facebook walls trying to spam them. I went through my other friends and contacts and saw that the spammer had done this on half a dozen others as well, so I had to remove the messages and explain that it wasn’t me.

Fortunately, I hate Facebook and almost never use it. I only have an account there so I can view other people’s photos, etc. when they send me a link, so it could have been much worse if I actually used Facebook and had everybody I know listed as a friend.

The strange thing is, the hacker/spammer/bot didn’t change my password… I found that really odd. Even if it was a bot, you’d still think it would have changed my password and e-mail to lock me out and keep me from erasing their spam.

So, I have obviously changed both my Facebook and Twitter passwords now, but am not certain how they were compromised in the first place.

“Koobface, an anagram of Facebook ("face" and "book" change order and "koob" is "book" in reverse), is a computer worm that targets the users of the social networking websites Facebook, MySpace, hi5, Bebo, Friendster and Twitter. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers.” (Source: Wikipedia)

Which it may well have been. I’m usually very careful about avoiding viruses, but the article goes on to say:

“…they [the victims] are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, they will infect their computer with Koobface.”

…and I can see myself falling for that. That’s actually a pretty good technique if you ask me 🙂

However, I updated my free AdAware anti-spyware/virus software and ran a scan but it came up empty so I’m really not sure what happened.

Anyhow, while it sucked to lose control of my Twitter account and have my Facebook account send spam from my account, I wasn’t all that stressed about it since I’m really not a big user of social networking sites.

Now, if it were my PayPal, bank, server, or e-mail accounts I’d be real pissed!

Thank you for sharing your experiences. With your post you can help lots of Twitter and Facebook users to be cautious. I have not yet encountered those problems, but may also follow your solutions, like what you did to Twitter guys.

Well Tyler I am sorry to hear that. I actually feel sorry for you…not! LOL. I have had people steal websites from me on multiple occasions within the last few months so I can understand your pain, but can you feel mine ;). Maybe you can let me make a guest post on your blog so I can throw a pity party too! JK I am suffering from lack of sleep don’t take anything personal.

* Never keep the password a site gives you – change it immediately.
* Never use a dictionary word. Or anything that’s personal to you. A random jumble of characters will do fine.
* Take advantage of all the characters each website lets you use – if it lets you use numbers, caps, spaces and other symbols, use them all at least once or twice.
* If the password-chooser feature has a weak/medium/strong thing, keep going until you find a strong password.
* As much of a pain it is to remember multiple passwords, don’t use the exact same password for each site. Even if you use the same base password (‘dn76lP3’, for example), put ‘fb’ on the end of your Facebook password (‘dn76lP3fb’), ‘yt’ on the end of your YouTube one (‘dn76lP3yt’), etc.
* Never write it down. Ever. And never use the ‘save password’ mechanism on sites – Chrome, especially, is notorious for having its list of saved passwords easily accessible.
* Change your password every 1-2 months.

Yes, it’s simple things that seem almost patronising to point out, but everyone sometimes forgets small things like a simple password can eventually lead to big problems later down the line.
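An added example, not part of the original post or the comment above: one way to follow the "random jumble", "use every character type the site allows" and "different password for each site" points with Python's `secrets` module. The site names, lengths and allowed character classes in `SITE_POLICIES` are constructed assumptions.

```python
import secrets
import string

# Character classes a site may allow (constructed for this example).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&()*+-./:;<=>?@[]^_{}~",
    "space": " ",
}

# Hypothetical per-site rules: length and which classes the site accepts.
SITE_POLICIES = {
    "facebook": {"length": 20, "classes": ["lower", "upper", "digit", "symbol"]},
    "youtube": {"length": 20, "classes": ["lower", "upper", "digit", "symbol", "space"]},
    "legacy-forum": {"length": 16, "classes": ["lower", "upper", "digit"]},
}

def generate_password(policy):
    """Random password with at least one character from every allowed class."""
    pools = [CLASSES[name] for name in policy["classes"]]
    if policy["length"] < len(pools):
        raise ValueError("length too short to cover every allowed class")
    alphabet = "".join(pools)
    rng = secrets.SystemRandom()
    while True:
        # One guaranteed character per class, the rest from the full alphabet.
        chars = [secrets.choice(pool) for pool in pools]
        chars += [secrets.choice(alphabet) for _ in range(policy["length"] - len(pools))]
        rng.shuffle(chars)  # CSPRNG shuffle: guaranteed characters get no fixed position
        password = "".join(chars)
        # Forms often trim leading/trailing spaces, so reject those candidates.
        if password == password.strip():
            return password

def covers_all_classes(password, policy):
    """True if the password uses every class the site's policy allows."""
    return all(any(c in CLASSES[n] for c in password) for n in policy["classes"])

def generate_vault(policies):
    """One independently generated password per site, none sharing a base."""
    return {site: generate_password(p) for site, p in policies.items()}

if __name__ == "__main__":
    for site, pw in generate_vault(SITE_POLICIES).items():
        print(f"{site:13} {pw!r} all classes used: {covers_all_classes(pw, SITE_POLICIES[site])}")
```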

Glad to hear that you got sorted out. Hackers are a giant pain in the a$$.

A friend of mine had his Gmail account hacked last year. The problem was all to do with eBay (he used his Gmail account for his eBay username and the same password). Seems to be really easy to hack eBay and if the person is using the same details then it’s open season on e-mail accounts.

Fortunately Google sorted him out in less than a day, the Nigerian hackers still have control of his eBay account to this day though.

Great post, Tyler. I would like to add a suggestion for everyone:
Write down your passwords in a notebook (the kind with paper) and tell a trusted loved one about the notebook. That way, if you’re incapacitated for any reason, they can log on to all your accounts and try to sort things out for you until you’re able to handle them again.

Hey Tyler, sorry to hear this happened to you man. Honestly I would suggest you getting Kaspersky Anti-virus, sure you gotta pay for it, but the security it provides is much better than the free version you have. They also have a 30 day free trial, so why not try it out at least? I wouldn’t doubt it that you had some sort of computer worm or virus. Just too coincidental that both your Twitter and Facebook got compromised.

Damn it, what happened? I am sorry to hear about this news, I hope everything will be normal again. Good luck Tyler, your blog is always my inspiration with or without Twitter (because I always visit your blog, not your updates on Twitter).

Sorry to hear that you have been hacked so many times. On the other hand this should confirm to you that you are very successful. No one would bother hacking a regular person when they can hack a big fish and reap more rewards from their deceit.

I haven’t had my Facebook hacked before, and don’t know much about it, but what are the bots doing? Running programs to guess your password? That’s too complicated for me. I’ve seen others whose accounts have been hacked but (knock on wood) not me yet.

Most likely they won’t, so you will need to contact cyber 911 or one of those government agencies and have them do it for you. Then you can sue the guy for damages, identity theft and invasion, and whatever crimes they suggest.

My account somehow got hacked today. Not much information was on there, but I certainly don’t want anyone using my account. I went in and changed the password. I checked my email several hours later to discover that there were emails from Twitter about forgotten passwords.

They hadn’t messed with much, but they followed a lot of people that will take me a while to fix and some stupid people are following me now. There is a big error message across the top when I log in saying that my account has been suspended.

I wouldn’t even know if I’d been hacked to be honest! I use both of mine so infrequently nowadays. I’m also surprised that they listened to you, even if you’re completely legit they usually don’t accept any enters intos. They must have already known that they had an issue.
